On 5/5/19 11:58 AM, Andrey Andreev wrote:
> Thanks for the advice! I followed it and switched to systemd-networkd. NM is 
> stopped&disabled.
> But the issue with default route being pushed into table 254 by the 
> connection with static IP still persists. Here is the new net connections 
> setup:
> 
> # /etc/systemd/network/10_enp3s0.network
> [Match]
> Name=enp3s0
> [Network]
> Description=enp3s0  -  ISP #1
> DHCP=ipv4
> DNS=8.8.8.8
> DNS=8.8.4.4
> [DHCP]
> #UseRoutes=false
> RouteMetric=50
> 
> # /etc/systemd/network/20_enp1s0.network
> [Match]
> Name=enp1s0
> [Network]
> Description=enp1s0       -  ISP #2
> Address=192.168.42.253/24
> DNS=8.8.8.8
> DNS=8.8.4.4
> [Route]
> Gateway=192.168.42.1
> Metric=200
> 
> In this state after network restart or cables plug out/in, 2 default routes 
> are created in table 254:
>     default via GW1 dev enp3s0 proto dhcp src WAN1 metric 50
>     default via 192.168.42.1 .....    metric 200
> 
> Manual shorewall restart is required to clean them.
> Uncommenting #UseRoutes=false stops the creation of first default route by 
> the dhcp connection.
> But there is no way to stop default route by static IP connection if GW is 
> defined. If GW is omitted, no default route is created but there is no 
> internet access through this connection either.

Then don't specify GW in the network config, and define it in
/etc/shorewall/providers instead.

> Similar was the situation with NM: DEFROUTE=no and GW exclude each other.
> How to solve this puzzle?

Don't know -- I run Debian which uses its own network configuration system.


> [Link] RequiredForOnline=no could make networkd insensitive to carrier loss, 
> but restoring default routes on boot and networkd restart will still take 
> place, I guess.

Also don't know -- never used systemd-networkd...
> 
> One observation with the above systemd-networkd configuration: metric values 
> arrange the 2 default connections the way I need and yield some failover 
> behaviour on cable disconnect: 
> - when ISP1&2 are up (carrier available) the internet goes through ISP1 ruled 
> by metric=50,
> - when ISP1 is down (cable disconnected) the first default route disappears 
> and net goes automatically through ISP2, 
> - when ISP1 cable is reconnected the internet access is restored through ISP1 
> by a newly created default route.
> That would be enough if "connection UP" = "cable plugged in" and vice versa, 
> but that is not the case and here foolsm + shorewall should come in.
> 
> I start asking myself if pulling cables or issuing ifdown/ifup commands is 
> the right thing to do to simulate no internet access.

ifup/ifdown is certainly wrong. But unplug/plug works if no other piece
of the system starts inserting routes in response.

> Carrier loss makes the network aware of the event and it takes some action.

But it usually doesn't cause routes to be deleted/added.

> Is there a graceful way to cut out interactively just ping response?

You can try manually inserting a DROP iptables rule...

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
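
A check for the condition discussed in the message above (default routes reappearing in table 254 after a network restart or cable replug), as an added example that is not part of the original thread or of Shorewall. The function names are hypothetical, and the sample routes are constructed: 203.0.113.x addresses stand in for the GW1/WAN1 values the post does not give, and the second route's `dev`/`proto` fields are assumed.

```shell
#!/bin/sh
# Added example: list default routes found in the main table (254).
# Real use: ip -4 route show table main | check_main_table

# Print one line per default route: "<dev> <proto> <metric> <gateway>".
# A field that is absent from the route line is printed as "-".
main_defaults() {
    awk '$1 == "default" {
        dev = proto = metric = gw = "-"
        for (i = 2; i < NF; i++) {
            if ($i == "via")    gw = $(i + 1)
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "proto")  proto = $(i + 1)
            if ($i == "metric") metric = $(i + 1)
        }
        print dev, proto, metric, gw
    }'
}

# Return 0 when stdin holds no default route, 1 otherwise.
# Offending routes are listed on stderr so a timer or cron job can log them.
check_main_table() {
    found=$(main_defaults)
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found" | sed 's/^/default route in main table: /' >&2
    return 1
}

# Constructed sample modelled on the two routes quoted in the message.
sample_routes() {
    cat <<'EOF'
default via 203.0.113.1 dev enp3s0 proto dhcp src 203.0.113.25 metric 50
default via 192.168.42.1 dev enp1s0 proto static metric 200
192.168.42.0/24 dev enp1s0 proto kernel scope link src 192.168.42.253
203.0.113.0/24 dev enp3s0 proto kernel scope link src 203.0.113.25
EOF
}

# Stand-alone run: show what the parser extracts from the sample.
sample_routes | main_defaults
```

The `proto` column shows which component installed each route (`dhcp` for the DHCP client, `static` for a configured `[Route]` section), which identifies the network unit to adjust.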
